Synology has been investigating and working with users affected by a recent ransomware called “SynoLocker.”
Synology has confirmed the ransomware affects Synology NAS servers running older versions of DiskStation Manager, by exploiting a vulnerability that was fixed in December 2013, at which time Synology released patched software and notified users to update via various channels. Affected users may encounter the following symptoms:
° When attempting to log in to DSM, a screen appears informing users that data has been encrypted and a fee is required to unlock data.
° Abnormally high CPU usage or a running process called “synosync” (which can be checked at Main Menu > Resource Monitor).
° DSM 4.3-3810 or earlier; DSM 4.2-3236 or earlier; DSM 4.1-2851 or earlier; DSM 4.0-2257 or earlier is installed, but the system says no updates are available at Control Panel > DSM Update.
For users who have encountered the above symptoms, shutdown the system immediately to avoid more files from being encrypted and contact Synology’s technical support at http://tinyurl.com/q5kvecu. However, Synology is unable to decrypt files that have already been encrypted. For other users who have not encountered the above symptoms, Synology strongly recommend downloading and installing DSM 5.0, or any of these versions: DSM 4.3-3827 or later; DSM 4.2-3243 or later; DSM 4.0-2259 or later; DSM 3.x or earlier is not affected
Users can manually download the latest version from Synology’s Download Center and install it at Control Panel > DSM Update > Manual DSM Update.